Sahil Dange

Cloud Architecture & Development

• Done implementation of AWS API Gateway authorization service with API catalog integration
• Made microservices using Quarkus that are running on ROSA (Red Hat OpenShift Service on AWS) containers
• Done coding of Node.js/TypeScript Lambda authorizers running on AWS serverless infrastructure
• Built ID proofing application having Angular SPA frontend and serverless backend APIs on AWS Lambda
• Having good knowledge of AWS CDK for infrastructure as code implementation
• Made and configured CI/CD pipelines for better development workflows and deployment processes

Authentication & Security Expertise

• Did architecting of custom API authorization services for AWS API Gateways
• Gave roadmap for implementing Passwordless Strategy & Multi-Factor Authentication (MFA)
• Have implemented strong MFA authentication methods like Windows Hello for Business (Key Trust Model), Microsoft Authenticator (Phone-Signin), and FIDO2 (YubiKey)
• Done creation of various specialized microservices including LDAP, Ping MFA, DLL, and BLL
• Implemented Policy as Code using Open Policy Agent (OPA) for centralized decision making and authorization
• Used Policy-based access control frameworks for maintaining security posture across applications

Data Engineering & System Integration

• Used data engineering techniques to properly integrate, manage, and optimize identity and access data within IAM systems
• Made improvements in security, scalability, and compliance measures through data engineering approaches
• Having good experience in modernizing applications by shifting diverse workloads to AWS cloud using serverless architecture and containerization with AWS Red Hat OpenShift

Technical Leadership

• Provided direction for engineering efforts and took decisions on technology selection (including buy vs. build decisions)
• Worked as functional technical leader during implementation phases
• Done partnership with internal business units and acquired entities to make sure projects stayed on target and within budget
• Ensured compliance with internal policies and security standards
• Became subject matter expert in authentication and authorization capabilities

Core Development Skills

• Having backend development expertise in Java, TypeScript, and .NET Core
• Successfully delivered robust and scalable solutions in different technological environments

• Company Overview: Bechtel Corporation is an American engineering, procurement, construction, and project management company
• SME for cloud identity & PingFederate (Access Management)
• Provide identity migration expertise (PingFederate onprem IDP to cloud Idp - AzureAD-B2C & Azure AD)
• Consolidate identities to a single cloud directory for easy centralized life cycle management of accounts
• Enhance identity security by utilizing modern authentication methods
• Extensive experience in Azure B2C, working experience in Identity Experience Framework (IEF) in Azure B2C, creating custom azure b2c policy to cater various application needs.
• Advocating Identity best practices to application developer group related to MSAL libraries, migrating existing application to Attribute based authorization design
• Experience in working with identity libraries on multiple platforms like .net core, android, python(flask), nodejs etc
• Design a strategy to move legacy application authentication and existing applications to Azure Authentication.
• Using Azure AD Proxy for onprem legacy applications who still depend on authentication mechanism like kerberos, IWA
• Decommission of onprem ADFS and ping Federate IDP, moving away from federated identity to managed identity
• Setting up PHS (Password Hash Synchronization) as backup for AD FS in Azure AD Connect for some domains who still wanted onprem authentication due to compliance constraints
• Rolling out seamless SSO for better user experience
• Bechtel Corporation is an American engineering, procurement, construction, and project management company

• Company Overview: Bechtel Corporation is an American engineering, procurement, construction, and project management company
• SME for Ping Federate, Cloud Authentication (Azure AD and Azure B2C) Access Management
• Design and implement API Authorization (dynamic authorization/Attribute based access control [ABAC]) solution for microservices residing in Azure Kubernetes Cluster
• Dynamic Authorization - Microservice Authorization with Open Policy Agent and Azure API management Gateway
• Azure AD B2C Token enrichment by writing custom IEF policies to integrate with REST APIS to connect with onprem Data Stores.
• Decoupling Authentication and authorization from identity systems.
• Experience in Integrating Webservices with Ping Federate SSO using WSFED
• Using Ping Federate as IDP for Government departments, having working experience integrating with CAC (Common Access Cards), experience with various selectors like CIDR selector, Connection set selector, implementing custom complex authentication trees using Authentication policies and policy contracts, integrating with various mobile apps, API protection using Oauth/OIDC
• Experience with Ping Federate adapters like Intune IDP adapters, open token adapter, reference adapter
• Integration of Ping Access (Proxy Model) and Ping Federate for Web Access Management for legacy web app solutions
• Federating Ping Federate SSO with various IDP's like ADFS, OIDC IDP's and Azure B2C
• Bechtel Corporation is an American engineering, procurement, construction, and project management company

• Company Overview: Bechtel Corporation is an American engineering, procurement, construction, and project management company
• One Identity Manager Developer
• Working Experience with Identity Management and Identity Governance Administration (IGA) using Quest Dell One Identity Manager
• Automating joiners, movers, leavers process
• Onboarding various applications like servicenow, target systems like active directory with identity management solution
• Integrating one identity manager with SAP as a source of truth system
• Designing implementing, enforcing Separation of Duties (SoD) policies
• Writing custom attestation workflows, writing custom scripts in VB NET, developing custom connectors, writing custom powershell scripts to automate various tasks on Azure AD using Graph APIS like intune device management, revoking refresh token when user leaves the company, device identity management, non human identities life cycle management
• Managing Life cycle management of Azure guest accounts
• Experience with Azure AD entitlement management, Access reviews, privilege identity management, mapping business units with roles for implementing RBAC
• Bechtel Corporation is an American engineering, procurement, construction, and project management company

• Company Overview: Provides physician practices, hospitals, and other healthcare providers with practice management and electronic health record technology
• Migrating LDAP to Optimal IdM's Virtual Identity Server (VIS)
• Worked on installation, upgradation, cloning and extending the functionality of the connector
• Active Directory Administration
• Analysis of the specifications provided by the client and help Project Manager to estimate the effort required
• Worked on reconciling the Users, Accounts and Groups from Active Directory, Workday
• Worked on various types of Provisioning and reconciliation mechanisms
• Configured the Single Sign-On (SSO) to various Applications and Worked on SSO Siteminder WAM SSO
• Provides physician practices, hospitals, and other healthcare providers with practice management and electronic health record technology

• Company Overview: Capgemini is a multinational information technology services and consulting company
• Experience in development, design, and implementing security using PingFederate, WSO2, and Sun ONE Directory Server (LDAP).
• Continuously improving and automating in IAM technologies that consist of PingFederate, PingAcess, SiteMinder and LDAP directories.
• Experience in installation, upgrade and configuration of PingFederate 7.x/8.x/9.x.
• Perform installation, configuration and maintenance of Access Manager and policy agents.
• Worked on PingFederate in conjunction with CA directory, SiteMinder adapters to implement various flows of authentication to provide single sign on (SSO) solutions to various clients in different scenarios.
• Experience in Apache, IIS web servers
• Expert in generating, implementing SSL certificates in both IIS 5/6/7, Apache 2.x.
• Developed custom PingFederate adapters and PingFederate custom data source drivers using PingFederate Java SDK
• Hands on experience on IIS, Apache Web Servers in Staging and Live environments.
• Experience in analyzing, debugging
• Experience is authenticating applications seamlessly using Kerberos Token Processor.
• Troubleshooted multiple PingFederate Open token/agentless/SAML applications in Live environment to retrieve authentication access
• Capgemini is a multinational information technology services and consulting company

• Work with Forests and Domains; Restructuring a Forest and Renaming Domains
• Maintains the Group Policy infrastructure based on the policies and guidelines provided
• Work with Group Policies
• Assist with implementing solutions for hardware and software.
• Implement common preventive maintenance practices for hardware and software
• Assist in management and support of internal and external DNS systems.
• Assist in management and support of internal DHCP architecture and scoping
• Work with Global Catalog Servers and Schema
• Assisting various AD provisioning, migration experience of UC technologies from OCS to Lync